-- | Data model for an iptables ruleset: the four tables, their chains, and
-- the rules, match options and targets inside each chain.
--
-- Equality on 'Chain' and 'Rule' deliberately ignores packet/byte counters,
-- so two rulesets compare equal when their configuration is the same even
-- if traffic statistics differ.
module Iptables.Types where

-- NOTE(review): only 'Set' and 'Word32' are used by the declarations in this
-- module; explicit import lists would avoid clashes between Data.Set and
-- Prelude names if functions are ever added here.
import Data.Set
import Data.Word

-- | A complete ruleset, one chain list per table.
data Iptables = Iptables
    { tFilter :: [Chain]
    , tNat    :: [Chain]
    , tMangle :: [Chain]
    , tRaw    :: [Chain]
    }
    deriving (Show, Eq)

-- | A named chain with its policy, counters and ordered rules.
data Chain = Chain
    { cName     :: String
    , cPolicy   :: Policy
    , cCounters :: Counters
    , cRules    :: [Rule]
    }
    deriving Show

-- | Chains are compared by name, policy and rules; counters are discarded.
instance Eq Chain where
    lhs == rhs = signature lhs == signature rhs
      where
        signature (Chain name policy _ rules) = (name, policy, rules)

-- | Chain policy.
-- NOTE(review): 'PUNDEFINED' is neither ACCEPT nor DROP; presumably it marks
-- chains that carry no policy of their own. Code that audits a ruleset
-- should handle it explicitly rather than fold it into ACCEPT. TODO confirm
-- against the parser.
data Policy
    = ACCEPT
    | DROP
    | PUNDEFINED
    deriving (Show, Eq)

-- | Packet and byte counters attached to a chain or a rule.
data Counters = Counters
    { cPackets :: Integer
    , cBytes   :: Integer
    }
    deriving (Show, Eq)

-- | A single rule: counters, match options, and the target to apply.
data Rule = Rule
    { rCounters :: Counters
    , rOptions  :: [RuleOption]
    , rTarget   :: RuleTarget
    }
    deriving Show

-- | Rules are compared by options and target; counters are discarded.
instance Eq Rule where
    lhs == rhs = signature lhs == signature rhs
      where
        signature (Rule _ opts target) = (opts, target)

-- | Rule targets.
-- 'TUnknown' keeps a target this model has no constructor for, as a name
-- plus a list of strings (presumably the raw arguments). Consumers reasoning
-- about what a ruleset permits should treat it as "not understood", not as
-- a no-op.
data RuleTarget
    = TAccept
    | TDrop
    | TReject RejectType
    | TReturn
    | TSNat NatAddress Bool Bool    -- --to-source --random --persistent
    | TDNat NatAddress Bool Bool    -- presumably same field layout as TSNat; confirm
    | TMasquerade NatPort Bool      -- --to-ports --random
    | TRedirect NatPort Bool        -- --to-ports --random
    | TUChain String
    | TUnknown String [String]
    deriving (Show, Eq)

-- | Reject variants for 'TReject'.
data RejectType
    = RTNetUnreachable
    | RTHostUnreachable
    | RTPortUnreachable             -- default if not specified
    | RTProtoUnreachable
    | RTNetProhibited
    | RTHostProhibited
    | RTAdminProhibited
    | RTTcpReset
    deriving (Show, Eq)

-- | NAT address specification. Addresses are 'Word32', so only 32-bit
-- addresses are representable.
-- NOTE(review): the paired fields look like range bounds (first/last address,
-- first/last port); confirm against the parser.
data NatAddress
    = NAIp Word32 Word32
    | NAIpPort Word32 Word32 Int Int
    deriving (Show, Eq)

-- | NAT port specification.
-- NOTE(review): ports are plain 'Int'; nothing in this type restricts them to
-- 0-65535, so range checks have to happen where values are built or rendered.
data NatPort
    = NatPort Int Int
    | NatPortDefault
    deriving (Show, Eq)

-- | Match options of a rule.
-- NOTE(review): the leading 'Bool' on most constructors presumably records
-- the option's negation flag; confirm polarity against the parser/printer
-- before relying on it in an audit.
-- 'OComment', 'OMacSource' and 'OUnknown' carry free-form strings; if these
-- values are ever rendered back to a command line they need validation or
-- quoting at that point.
data RuleOption
    = OProtocol Bool Protocol
    | OSource Bool Addr
    | ODest Bool Addr
    | OInInt Bool Interface
    | OOutInt Bool Interface
    | OState (Set CState)
    | OFragment Bool
    | OSourcePort Bool Port
    | ODestPort Bool Port
    | OTcpFlags Bool TcpFlags
    | OSyn Bool
    | OTcpOption Bool Int
    | OIcmpType Bool Int
    | OModule Module
    | OLimit Bool Limit
    | OLimitBurst Int
    | OMacSource Bool String
    | OMark Int Int
    | OPort Bool Port
    | OUidOwner Bool Int
    | OGidOwner Bool Int
    | OSidOwner Bool Int
    | OTos Int
    | OTtl Int
    | OPhysDevIn Bool Interface
    | OPhysDevOut Bool Interface
    | OPhysDevIsIn Bool
    | OPhysDevIsOut Bool
    | OPhysDevIsBridged Bool
    | OComment String
    | OUnknown String Bool [String] -- an option can have more than one parameter
    deriving (Show, Eq)

-- | Protocols are handled as strings only. iptables also accepts a numeric
-- protocol, but that form is not used here.
type Protocol = String

-- | Address match: a single address, address with mask, or address with
-- prefix length. Addresses are 'Word32'.
data Addr
    = AddrIP Word32
    | AddrMask Word32 Word32
    | AddrPref Word32 Int
    deriving (Show, Eq)

-- | Network interface name.
data Interface = Interface String
    deriving (Show, Eq)

-- | Port match: a list of ports or a range given by two 'Int's.
data Port
    = Port [Int]
    | PortRange Int Int
    deriving (Show, Eq)

-- | TCP flags match.
-- Parse with care: in the textual form this is two words separated by spaces.
data TcpFlags = TcpFlags [Flag] [Flag]
    deriving (Show, Eq)

-- | Individual TCP flag names, plus the 'FAll' / 'FNone' keywords.
data Flag
    = FSyn
    | FAck
    | FFin
    | FRst
    | FUrg
    | FPsh
    | FAll
    | FNone
    deriving (Show, Eq)

-- | Rate limit, kept as the unparsed string.
data Limit = Limit String
    deriving (Show, Eq)

-- | Connection-tracking states. 'Ord' is derived so that states can be
-- stored in a 'Set' (see 'OState').
data CState
    = CStInvalid
    | CStEstablished
    | CStNew
    | CStRelated
    | CStUntracked
    deriving (Show, Eq, Ord)

-- | Match modules; 'ModOther' keeps the name of any module without its own
-- constructor.
data Module
    = ModTcp
    | ModUdp
    | ModLimit
    | ModMac
    | ModMark
    | ModMultiport
    | ModOwner
    | ModState
    | ModTos
    | ModTtl
    | ModPhysDev
    | ModComment
    | ModOther String
    deriving (Show, Eq)

-- | Classification of a chain in the filter table.
data FilterChainType
    = FilterInvalidChain
    | FilterValidChain
    deriving (Show, Eq)

-- | Classification of a chain in the nat table.
data NatChainType
    = NatUnknownChain
    | NatInvalidChain
    | NatDNatChain
    | NatSNatChain
    deriving (Show, Eq, Ord)